diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 0583229..332e646 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -8,18 +8,11 @@ name: release
 permissions: {}
 
 jobs:
-  pypi:
-    name: upload release to PyPI
+  build:
+    name: build release distributions
     runs-on: ubuntu-latest
-    environment: release
     permissions:
-      # Used for OIDC publishing.
-      # Used to sign the release's artifacts with sigstore-python.
-      id-token: write
-
-      # Used to attach signing artifacts to the published release.
-      contents: write
-
+      contents: read
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
@@ -35,7 +28,29 @@ jobs:
       - name: build
         run: python -m build
 
+      - name: upload distributions
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        with:
+          name: distributions
+          path: dist/
+          if-no-files-found: error
+
+  pypi:
+    name: upload release to PyPI
+    runs-on: ubuntu-latest
+    needs: build
+    environment: release
+    permissions:
+      # Used for OIDC publishing.
+      # Used to sign the release's artifacts with sigstore-python.
+      id-token: write
+
+    steps:
+      - name: download distributions
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
+        with:
+          name: distributions
+          path: dist/
+
       - name: publish
         uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0
-        with:
-          attestations: true